Wednesday, August 13, 2008

postfix trickery

Eventually, after years of research, I was able to add postfix to my personal list of the exceptional exploited programs (exexpro) }|-)

As of now, updates are already available. CVE-2008-2936 and CVE-2008-2937 have been assigned to this issue. My dear colleague Thomas will have sent an advisory out today (writing this one day before the CRD).

So far, my exexpro list has grown to contain the following (random order): Postfix, rsync, traceroute, modprobe/kernel, vixie crontab, suidperl, sudo, lpr, cups, ppp, ippp, LIDS, hylafax, racoon, to just name the more popular ones. Some of them appear multiple times, some of them only affected BSD systems. The OpenBSD team was so kind as to offer me a poster for a local root exploit in ppp years ago. Additionally, dozens of less popular programs appear on the list, such as imwheel, kreatecd, dip, wmcdplay, various other K* programs etc. For all of them I wrote an exploit. I am not able to provide exploits anymore due to the new law about this in Germany. The exceptional exploited also contains weak implementations of secure protocols (SSL, SSH) or weak protocols themselves (CHAP) or absolutely uncommon exploits (see last posting for instance).

Let's hope that I can continue the trickery list in the future and let the targets be smart and popular. Only a minority of the issues have been overflow or related bugs, BTW.